Appeals court raises standard for laptop searches at US border

Still, a sex offender with encrypted files was suspicious enough to search.

Citizens' rights to be free from searches don't hold everywhere. At border crossings, as in airports, people can be searched by authorities as a matter of routine course. But what should the standard be for not just rummaging through a briefcase, but for when the government wants to dig deep into the files on our electronic gadgets—even looking at deleted files?

A "watershed" decision from a federal appeals court today ruled that the government must have "reasonable suspicion" to do such an intensive computer search. However, the judges also ruled that standard was met in the search in question, which involved child pornography being brought across the border from Mexico. The US Court of Appeals for the 9th Circuit, sitting "en banc," reversed a lower court's decision to suppress an intensive forensic analysis of a laptop belonging to a traveler, Howard Cotterman, which resulted in a discovery of child pornography.

The search started out as a "cursory review at the border but transformed into a forensic examination of Cotterman's hard drive." The court acknowledged it was a "watershed case" with implications for what kind of privacy rights all Americans can expect with regards to password-protected files on their computers.

A criminal history and password-protected files create “reasonable suspicion”

Border searches are an exception to the general principle, protected by the Fourth Amendment, that warrants be obtained. Still, a border is not an "anything goes" zone, as an 8-3 majority of the court emphasized in today's decision [PDF]. Searches still need to be based on a "reasonable suspicion."

Cotterman was returning to the US with his wife from a vacation in Mexico in 2007. In a routine check, a border computer system returned a hit for Cotterman—he was a sex offender, and had been convicted on several counts, including child molestation, in 1992. The agents then searched his car, and found two laptops and three digital cameras, which they also inspected. Those devices had several password-protected files.

The border agents suspected, based in part on the existence of password-protected files, that Cotterman may have been engaged in sex tourism. They interviewed him and his wife, and ultimately released them—but kept the laptops and one camera. The laptop was brought to an Immigration and Customs Enforcement office in Tucson, Arizona, where an ICE agent performed intensive forensic search on the laptops. On one laptop, the search found 75 images of child pornography in the "unallocated space" of the hard drive, which is where deleted data resides.

Cotterman was indicted on child porn charges. The judge overseeing his case ruled the evidence should be suppressed. Cotterman's 15-year-old history, combined with the mere presence of password-protected files, wasn't enough to justify a search under the "reasonable suspicion" standard. That judge's decision was reversed by an appeals panel, and now the case has gone to the full 9th Circuit, with a majority agreeing that the government did have a right to search the laptop.

The majority in today's ruling found that "the legitimacy of the initial search... is not in doubt." That search would have been fine, even without "particularized suspicion," a majority of judges held. But the intensive forensic examination that analyzed the whole hard drive presents a "difficult question," they acknowledged. Even though the rules are different at the border, searches must still be regulated somehow.

Still, the majority felt that on balance, the search was justified.

In defining the new standard, the majority recognized that technology has created a situation where a search of electronics has become much more intrusive over time. Judge Margaret McKeown wrote:

The amount of private information carried by international travelers was traditionally circumscribed by the size of the traveler’s luggage or automobile. That is no longer the case. Electronic devices are capable of storing warehouses full of information. The average 400-gigabyte laptop hard drive can store over 200 million pages—the equivalent of five floors of a typical academic library.

... With the ubiquity of cloud computing, the government’s reach into private data becomes even more problematic. In the “cloud,” a user’s data, including the same kind of highly sensitive data one would have in “papers” at home, is held on remote servers rather than on the device itself.

And while certain privacy rights are given up during travel, others are not.

"International travelers certainly expect that their property will be searched at the border," wrote McKeown. "What they do not expect is that, absent some particularized suspicion, agents will mine every last piece of data on their devices or deprive them of their most personal property for days (or perhaps weeks or even months, depending on how long the search takes). Such a thorough and detailed search of the most intimate details of one’s life is a substantial intrusion upon personal privacy and dignity."

Still, reasonable suspicion was found here, with the main factors being the fact that Cotterman had a history of sex offenses, and had password-protected files. "Although password protection of files, in isolation, will not give rise to reasonable suspicion, where, as here, there are other indicia of criminal activity," it becomes an important factor, wrote McKeown.

Dissents in multiple directions

Today's decision includes two dissents, arguing in different directions. One dissent, signed onto by three judges, argues that the decision actually makes it too hard for border agents to conduct searches. Those three argue that the government should be given wide clearance to perform searches at the border, and that the advent of new technology doesn't change that.

The government's job of stopping "drugs, bombs, or child pornography" from entering the country is a "Herculean task" and "requires that the government be mostly free from the Fourth Amendment's usual restraints on searches of people and their property," writes Judge Consuelo Callahan, a George W. Bush appointee. "The majority relies primarily on the notion that electronic devices are special to conclude that reasonable suspicion was required," Callahan continues. "The majority is mistaken."

She notes that the Supreme Court has only once required "reasonable suspicion" in the 125 years it has been reviewing border-search cases. "[C]ourtesy of the majority’s decision, criminals now know they can hide their child pornography or terrorist connections in the recesses of their electronic devices," she writes.

There's dissent even among the dissenters in this opinion. A second dissent, written by Judge Milan Smith, agrees that the majority was wrong to establish a "reasonable suspicion" requirement for searches at the border. But Smith goes on to argue there was also no reasonable suspicion to do the more intensive "extended border search" of Cotterman's computer at the Tucson facility, 170 miles away from the border.

"I fail to see how the agents had reasonable suspicion that Cotterman’s computer contained 'illegal files' based solely on his 15-year-old sex offense, travel to Mexico with his wife, and the 'ubiquitous' act of password-protection," wrote Smith. "Mexico is a popular travel destination for Californians, including those who travel to Mexico for its beaches, culture and weather, and not for its sex tourism."

"Under the doctrine of this case, the majority sweeps in thousands of innocent individuals whose electronic equipment can now be taken away from the border and searched indefinitely, under the border search exception," writes Smith.

85 Reader Comments

While I'm sure these sorts of things deters one or two criminals, it also deters other visitors. I made this account to tell my view on it.

I run a company that caters specifically to perverts. We're talking everyone from those that hosts their own orgies to those that have their private little moments behind closed doors. We're talking BDSM, same sex couples, poly relations, as well as just kinky fuckers of all colours and combinations.

Quite a while ago now I tried to enter the US for a trade fair, and was denied entry since I refused to give up the password for my encrypted laptop. The encrypted laptop with the customer register that reads like the "big black book of people who do not under any circumstance want to be publicly connected to this kind of scene".

Ah but they need probably cause of some sort now? Great? Except if the customs agent has a single morally uptight bone in their body, my luggage will no doubt be a neverending stream of probable cause. Handcuffs, whips, chains, duct tape, knives, strange contraptions that go in places they don't want to imagine that I'm ever so happy to describe in detail while they're holding the naughty end of it, that sort of thing.

But one uptight customs officer can't make that decision, right? Yes they can. Sure I could complain to the higher ups, demand compensation for my lost income and so on, but by the time anyone even touches it I'm safely half a planet away and have no further reason to ever visit your lovely but morally uptight and apparently increasingly non-free country again.

So what's the downside of this for the US? Well, I get invited to about half a dozen events yearly in the US that I turn down due to things like this, and having me over would move a fair chunk of change around the local economy in support services and so on. I'm not just an individual after all, I'm a business owner - turning me away means turning my business away.

Funny thing is I live a very open life. You can find very intimate details about me online, in fact some of you probably have, but I don't encrypt my laptop to protect my secrets. I encrypt it to protect my customers. They are not passing any borders, and their privacy is thereby not acceptable to overlook.

"I fail to see how the agents had reasonable suspicion that Cotterman’s computer contained 'illegal files' based solely on his 15-year-old sex offense,

What's wrong with our judicial systems? Was this judge deliberately played dumb or what? Everybody knew it all sex offender's Internet access were being monitored either by the local police and or the sheriff departments or by both 24/7, 265 a year, trillions of seconds in total. Obviously this guy Cotterman's Internet browsing history have been recorded on file for decades after his convictions, that the cops knew all along he has some child porns on his deleted file folders so the cops informed the border patrols to search his computers to get this guy in prison. I am just an average guy down the block and I knew this procedures have been happening for decades, why couldn't this judge knew nothing about it and still questioning about this "I fail to see how the agents had reasonable suspicion" is somehow beyond me. Because, your honor, the cops knew before he crossed the border.

I thing the laws should cut this "reasonable suspicion" bullsh*t and just simply ruled that all sex offenders subjected to a search at the borders. It saves lots of times on the cops and on the sex offenders.

I wondered why this guy still in marriage? Maybe this guy is a white person so the white cops from the surveillance divisions didn't mess with him much and let him live freely? Look like that way, huh? :-)

For many countries sex offenders are not welcomed, period. It seems like Mexico is not one of them. Big surprise!

What if you have external hard drives? Do they have the authority to demand that you plug them in order to check anything stored therein? What if your external hard drive is not bus powered and requires A/C? What if you have a couple dozen multi-terabyte hard drives in your trunk? Even if they do have the authority to demand that you plug them in, will they take the time to have you plug in every single one of them for a quick (or not so quick) inspection?

If your customer list is encrypted, put it on a web site and not on your laptop.

Don't list these things and say they justify a need for privacy - just say you want and expect privacy.

Otherwise you're saying your privacy rights are no stronger than your weak excuses - which I just easily shot down.

So you're saying that if I want to cross a border I should mail my luggage at a great extra cost and store my data in the cloud (which for me is not feasible due to security concerns and often working outside of net connectivity) due to the risk that some morally uptight customs officer might take offence at fully legal items? I'd like to hear more about why you consider wanting the right to impartial fair treatment an "excuse", and why I should have to circumvent discriminatory treatment?

In other words, you didn't blow right through my excuses, you gave the same bullshit responses that people have given throughout the times to thousands if not millions of victims of abuse, oppression, discrimination, and so on. "Just keep it a secret. Just spend a lot of effort hiding anything that might offend the uptight bastards, in fact, think like if it was actually illegal. Smuggle things into the country rather than bring them in openly, because otherwise it's YOUR fault that people discriminate against you/treat you unfairly/whatever."

No, that's not on me. Encrypting my files is legal, the items in my luggage are legal, if I'd be silly enough to be wearing a queer love t-shirt that's fully legal... anyone see that and then use that as a motivation to try and get into my laptop because they feel they have probable cause? That's discrimination, and that's on them.

I can add that I've travelled extensively within Europe and some outside of it, and while many customs officers have been visible upset at what they found in countries traditionally seen as more "unfree" or "uptight", once to the point where they went to get a colleague to take over, never once have I been denied access or treated more unfairly than getting a bit of a more detailed search of the luggage. Never once have the encrypted drive been a source of concern. Sometimes they ask me why I encrypt it, I say it contains confidential company information, and they give it right back without any issues.

Only in the US does it seem like having a secret is a criminal act, and the solution suggested is, as seen, to keep the secret better, to hide it more, to accept your place as a "criminal" that commits no actual crime.

If a child pornographer were to ask me how to protect himself, and if I were stupid enough to tell him here is what I would say. Write a program which creates a temporary directory on each separate partition of your hard drive. Fill each temporary directory with files composed soley of 0 of size 100Mb. When each partition is full repeat with files of size 10MB. Then 1Mb, then 10k. Then 1k.

Delete all the temporary directories.

Redo but write "FF"'s to the file..

Repeat this process seven times.

Doing this you've cleaned your hard drives of the remnants of deleted files to military standards.

It only takes an hour or so to do. The whole process can be automated and put on a boot disk.

I guess what is concerning is so someone goes to Mexico then on they way back they are stopped and are searched and oh their laptop had is encrypted. Say they had a prior drug conviction. So now it's ok to say well you have an encrypted hd and a prior so we can take your stuff and search you even though you might encrypt your hd to prevent it being hacked if stolen to protect your ssn or credit card info from the Internet purchases you may have made. Maybe perhaps you encrypt it b/c you can.....so the mere fact that you choose to protect the privacy of your personal info can be used against you...aka you have incriminated yourself by encrypting your hd....wtf

In your example, the search would almost certainly be ruled invalid by the court's logic on this case. In this case, the search was ruled legal because there was a legitimate (if somewhat farfetched in my opinion) suspicion of wrongdoing. His laptop wasn't searched because he once went to jail. His laptop was searched because he had been convicted of sex crimes against minors, and CBP suspected his laptop contained images which were illegal for him to possess or bring into the country.

In the case of someone with "a prior drug conviction," what could possibly be contained on the laptops or cameras that would be related to the conviction and is illegal to possess? In that case, CBP would almost certainly thoroughly search the vehicle (a person with drug convictions would be a likely candidate for smuggling drugs across the border) and could even be temporarily detained. But a drug conviction does not lend legitimate suspicion as to the contents of their computer or camera. It's not illegal to have pictures of drugs or even images of people using illegal drugs. It's not illegal to bring those things across the border either. So CBP would not have a reasonable suspicion that anything illegal existed on the computer.

Now, if the person in question had prior convictions for computer crimes or espionage, this ruling would allow such searches to be conducted as it's a reasonable thing for them to suspect. But drug offenses, theft, violent crimes, or most other such things wouldn't lend reasonable suspicion based solely on the point of "well he's a criminal."

Seems as if US citizens have become prisoners in their own country. Because whenever they cross a border "anything goes" is going into action and officials are allowed to perform almost any procedure.Next time you come back from Canada you will get a littler waterboarding just to make sure you didn't forget to tell all your little juicy details to the officer.

Seriously? I don't fly that often, but did they finally realize that a swiss army knife is about as dangerous as bare hands?

Small blades were the entire reason that 9/11 was able to happen. Now, the security theater decided that it wasn't such a gross violation to begin with.

The knives were pretty inconsequential. 9/11 was able to happen because people, when hijacked, expected that they'd end up being flow to Cuba or similar; they didn't realise they'd be riding shotgun on a Muslim missile. That plan simply won't work anymore because people (at least some of them) are going to risk confronting hijackers when they realise that they're dead anyway if they do nothing.

Hmm, police are not allowed to "handle" your cell phone if it is password protected.Now, it seems things go the way that if you have password protection it reason for suspicion to warrant a search. Aside from the old ruling that you are not allowed to password protect files in the states... So it seems no matter what there is always a way to reason a search.

what border patrol and customs agents are on the look out for is suspicious behavior, that whiff of something a bit odd about this one.the thing that caused the data base inquiry rather than a pass throughthe perp was not your average tourist. something caused that harder look.

I remember flying into Lauderdale Executive from the Caribbean in the mid 1970sthe cans of soy milk for our son hot a hard look but were left unopened.we must have been too normal

I guess what is concerning is so someone goes to Mexico then on th...snip...

Now, if the person in question had prior convictions for computer crimes or espionage, this ruling would allow such searches to be conducted as it's a reasonable thing for them to suspect. But drug offenses, theft, violent crimes, or most other such things wouldn't lend reasonable suspicion based solely on the point of "well he's a criminal."

don't bet on it. Border services are going to use this excuse to try and search everything.

But he had a parking ticket outstanding from 1978, so we decided to search him.

I'm as happy to see Cotterman collared as the next guy, but judge Callahan is flat wrong.

Border patrol's job (or should be) is to protect national security by preventing the introduction of things that would threaten it, like guns, bombs, radioactive material, etc. Child porn, while certainly ranking as one of the more disgusting things on the planet, is not a national security threat.

The act of crossing the border should not necessarily and automatically subject one to any more scrutiny than boarding a domestic flight.

With the commonplace use of "cloud" (I hate that word!) computing, a criminal need not store *anything* incriminating on his/her personal device. So then what? Scour the cloud accounts just because a person walked over the border? This is getting out of hand.

It's a pretty short leap from this to the mere act of using encryption constituting "reasonable suspicion", and then we're just one high-profile case away from what Britain is doing now, which is: if they think you have an encryption key, and you don't give it to them when asked for it, you'll go to jail.

I guess if someone wants to travel abroad, they should buy a cheap netbook to take with them, so they're only out a few hundred bucks if some law-enforcement agency seizes their stuff and refuses to return it.

...Ah but they need probably cause of some sort now? Great? Except if the customs agent has a single morally uptight bone in their body, my luggage will no doubt be a neverending stream of probable cause. Handcuffs, whips, chains, duct tape, knives, strange contraptions that go in places they don't want to imagine that I'm ever so happy to describe in detail while they're holding the naughty end of it, that sort of thing.

But one uptight customs officer can't make that decision, right? Yes they can. Sure I could complain to the higher ups, demand compensation for my lost income and so on, but by the time anyone even touches it I'm safely half a planet away and have no further reason to ever visit your lovely but morally uptight and apparently increasingly non-free country again.

So what's the downside of this for the US? Well, I get invited to about half a dozen events yearly in the US that I turn down due to things like this, and having me over would move a fair chunk of change around the local economy in support services and so on. I'm not just an individual after all, I'm a business owner - turning me away means turning my business away.

Funny thing is I live a very open life. You can find very intimate details about me online, in fact some of you probably have, but I don't encrypt my laptop to protect my secrets. I encrypt it to protect my customers. They are not passing any borders, and their privacy is thereby not acceptable to overlook.

Agree with you completely. What I might recommend if you do try to come to the US again is putting a sticker/asset tracking tag on the laptop along with having your business card handy (I'm assuming you did the latter the first go). My company uses full disk encryption on a number of laptops and I haven't heard of any issues stemming from it. Granted, we go the other way usually (come back to the US).

Also agree (in your other post) that keeping the data in the cloud that needs to be secure is silly.

I'm just trying to figure out how they knew he was a convicted sex pervert, giving them the reason to search his encrypted files. Or is encrypted files + country with a reputation* = all the reasonable suspicion they need? Because that's not any better than a FISA court. This might be the most disingenuous court ruling I've ever seen - 'you have rights at customs checkpoints after all...unless you're coming back from a foreign country'.

* personally Mexico makes me think of drugs rather than child prostitution, but since we have free trade agreements with them rather than sanctions, I find it funny that visiting them is considered suspicious.

Seems as if US citizens have become prisoners in their own country. Because whenever they cross a border "anything goes" is going into action and officials are allowed to perform almost any procedure.Next time you come back from Canada you will get a littler waterboarding just to make sure you didn't forget to tell all your little juicy details to the officer.

Based on my experiences traveling to Canada, you're more likely to get water boarded when entering Canada than when returning.

Seriously? I don't fly that often, but did they finally realize that a swiss army knife is about as dangerous as bare hands?

Small blades were the entire reason that 9/11 was able to happen. Now, the security theater decided that it wasn't such a gross violation to begin with.

No, complacent passengers who would sit there and wait for hostage negotiators after their hijacked plane got taken to Cuba were the entire reason that 9/11 was able to happen. Anyone who tries to hijack a plane now is going to be beaten to death by all the other passengers. As soon as they reinforced the cockpit doors and learned the lesson of Flight 93, we've been safe in the air from anyone onboard the plane (except pilots, I suppose). We should have turned our entire focus onto explosives and external threats (dudes with shoulder-fired missiles on the ground), rather than worry about attacks the terrorists will not try again. The TSA has been reacting to FAILED attacks like the attempted shoe bomber, and worrying about nail clippers, and it's all been a huge waste of time and money.

What happened on 9/11 was that ordinary people realized they need to take responsibility for their own safety, and fight back. Why isn't the government promoting this idea, when it's been shown time and time again that it's the MOST effective way of stopping terrorist attacks in progress? Shoe bomber was defeated by flight attendants and passengers. Underwear bomber was defeated by passengers. Leaving planes for a bit, Times Square bomber was defeated by a couple of street vendors.

If you want to stop terrorism, you stop being afraid and you act when you find yourself in a scary situation. You don't sit there and wait to get slaughtered or run away from places that might be dangerous. The first line of defense to terrorism is the intelligence work that tries to disrupt plots before they reach fruition. Ordinary people reacting appropriately to defend themselves, taking responsibility for their own safety, will catch almost everything else. The TSA doesn't catch anything, because anyone who gets a plan together without getting caught by intelligence work will plan to get past the TSA.

I'm all for bomb-sniffing dogs at our airports. Knives don't bother me one bit. Heck, bring a machete on board for all I care. Maybe you can kill one or two people before the entire population of that plane charges you and overwhelms you, so what? I can get stabbed while I'm walking down the street. It's not called terrorism when a guy gets stabbed with a knife.

The Times Square bomber was stopped by his own stupidity, he should have paid attention in bombers class. The citizens only reported a fizzing smoking vehicle to the authorities. Had it gone off when intended, well, I wouldn't be writing this.

Number Six: Where am I?Number Two: In the Village.Number Six: What do you want?Number Two: Information.Number Six: Whose side are you on?Number Two: That would be telling. We want information… information… in formation.Number Six: You won't get it.Number Two: By hook or by crook, we will.Number Six: Who are you? Number Two: The new Number Two.Number Six: Who is Number One?Number Two: You are Number Six.Number Six: I am not a number! I am a free man!Number Two: [laughs]

That was Brilliant ! I Nominate you for Post of the Month !We are all The Prisoner !

So you're saying that if I want to cross a border I should .....I'd like to hear more about why you consider wanting the right to impartial fair treatment an "excuse", and why I should have to circumvent discriminatory treatment?

No, I didn't say that. I said if you claim "I deserve privacy because of X" then expect people to debate X instead of your right to privacy.

Quote:

In other words, you didn't blow right through my excuses, you gave the same bullshit responses that people have given throughout the times to thousands if not millions of victims of abuse, oppression, discrimination, and so on.

Hey, I didn't pick your excuse, you're the one who chose a justification that's been blown through thousands if not millions of times to abuse oppressive and discriminate against us.

Next, FrequentNonFlyer will list his top 10 reasons why he shouldn't be a slave. I hope he does better this time, otherwise it's off to the salt mines.

Me, I think personal freedom and privacy are fundamental rights. No justification needed.

Quote:

"Just keep it a secret. Just spend a lot of effort hiding anything that might offend the uptight bastards, in fact, think like if it was actually illegal. Smuggle things into the country rather than bring them in openly, because otherwise it's YOUR fault that people discriminate against you/treat you unfairly/whatever."

I don't believe you should have to do that. You just wish I did so you could argue with me.

Quote:

Only in the US does it seem like having a secret is a criminal act, and the solution suggested is, as seen, to keep the secret better, to hide it more, to accept your place as a "criminal" that commits no actual crime.

I didn't suggest that as a solution, and I don't believe you should have to do that. I said your weak ass justification will have similar weak ass responses.

So because of a charge 15 years prior, for which he had completed serving his sentence, they had reasonable cause? There are so many things wrong with this. Guess the government has deeply integrated the belief "once a criminal, always a criminal."

Here's my issue with this whole "HE'S A PEDOPHILE!!!" bit: it was (now) 21 years ago that he was convicted of sex offenses, including child molestation. How old is he? That was never said. Is it possible that he was an 18-year-old that had sex with a 16-year-old and thus got labeled a child molester? I mean, 21 years is a long freaking time. Is it possible the "child" he had sex with to get labeled as such is his wife at this point?

I also particularly hate the way the judges are misdirecting the issues in saying that "password protected files" were found and then there were "75 pictures of child pornography" in his deleted files section. I know in relating the story to my fiance, he automatically assumed that the deleted pictures were the ones that were password protected and thus we have just given up more of our 4th Amendment rights for justifiably catching criminals, but it was never explicitly said anywhere in the court briefs or the article that the password protected files were in any way illegal files. For all we know, they could have been bank statement files, or username/password spreadsheets.

I call this case anything but clear-cut. I think this guy is highly likely not going to get a fair treatment; and worse, the unusual coagulation of factors of this case will be ultimately used to set precedent for all the rest of us when we cross the borders with electronic devices.

You know what the hell of it is?Ultimately they didn't find anything in his encrypted files at all.They managed to reconstruct some images that had been DELETED at some point in history, and likely had nothing to do with the Mexico trip.

As a native-born American citizen who had 4th Amendment rights until recently, I guess I'm left to wonder why the standard is "reasonable suspicion." I remember naively thinking that "probable cause" was the standard if someone wanted to conduct a search against an American on US soil.

"Reasonable suspicion" is the standard that New York City policemen use to search minorities who "look furtive." Police Academy 101 trains police candidates on how to assert reasonable suspicion in any circumstance. It's not much of a protection to those who used to have constitutional rights.

So it seems that if you happen to commit a wrong, you will forever be stigmatized for it; despite the fact that you had been duly punished for it? One therefore has to ask; what is the use of the punishment if it is not going to make you good and acceptable again? Society seems to have placated itself in the idea of never to forgive and forget. Reminds of the the scarlet letter, justifying which-hunts of in our modern time.

What happens if I refuse to decrypt my data when I land at the airport?

There is no reason for anybody to think I'm a criminal, but if something is encrypted then I have a reason to encrypt it and am not giving up the password.

And they will search deleted files too? That means I can't just delete my encrypted files and upload to a remote server for the f light (they're pretty small, mostly passwords) - I also have to buy and install a new hard drive just so I can travel to the USA?

What guarantee is there they won't damage my computer while inspecting it?

And what happens when someone has protected, confidential corporate information? I used to travel into the US all the time as a sales engineer for a multinational and had information on my laptop that was encrypted. While it generally was non-issue I was asked a few times what was on the laptop to which I would reply work related material - which is all it was. They asked if they could look through it to which I would reply only if they sign a confidentiality agreement. Three times they just rolled their eyes and waved me through, but once they pulled me aside to speak with a supervisor. I told him that some of the information was considered classified by the company and he'd have to call our legal department and speak with them or there could be some serious legal ramifications. He replied they didn't have to do that and can search it if they wanted to. So I called head office, told them what was occurring and got one our lawyers on the phone. He spoke to the supervisor for several minutes at which point he handed the phone back to me and said I was free to go and apologies for the delay. So I still don't know who had what rights to what but it always seems that when a lawyer gets through berating one of these clowns the problem just seems to disappear and you're free to go on your merry way.

Anyway you slice it, if the government has to hide behind a single criminal act to strip away everyone elses rights than it seems they don't have a moral leg to stand on regardless. There are many reasons for people to be coming across the border with protected data and it does not necessitate that its for criminal enterprise.

So because of a charge 15 years prior, for which he had completed serving his sentence, they had reasonable cause? There are so many things wrong with this. Guess the government has deeply integrated the belief "once a criminal, always a criminal."

Here's my issue with this whole "HE'S A PEDOPHILE!!!" bit: it was (now) 21 years ago that he was convicted of sex offenses, including child molestation. How old is he? That was never said. Is it possible that he was an 18-year-old that had sex with a 16-year-old and thus got labeled a child molester? I mean, 21 years is a long freaking time. Is it possible the "child" he had sex with to get labeled as such is his wife at this point?

I also particularly hate the way the judges are misdirecting the issues in saying that "password protected files" were found and then there were "75 pictures of child pornography" in his deleted files section. I know in relating the story to my fiance, he automatically assumed that the deleted pictures were the ones that were password protected and thus we have just given up more of our 4th Amendment rights for justifiably catching criminals, but it was never explicitly said anywhere in the court briefs or the article that the password protected files were in any way illegal files. For all we know, they could have been bank statement files, or username/password spreadsheets.

I call this case anything but clear-cut. I think this guy is highly likely not going to get a fair treatment; and worse, the unusual coagulation of factors of this case will be ultimately used to set precedent for all the rest of us when we cross the borders with electronic devices.

Hopefully they didn't screw up so bad that the laptops and camera's were actually second hand items he bought in mexico and the pic's weren't even his to begin with

Sqidz. Have to disagree here. Violent crimes and drug offenses can have evidence on a computer. Emails to people whom helped you in the crime, posts to forums bragging about said crime or future deals, emails to other drug dealers, pictures of other dealers or locations, heck google map cache of places you might have look for.

If a child pornographer were to ask me how to protect himself, and if I were stupid enough to tell him here is what I would say. Write a program which creates a temporary directory on each separate partition of your hard drive. Fill each temporary directory with files composed soley of 0 of size 100Mb. When each partition is full repeat with files of size 10MB. Then 1Mb, then 10k. Then 1k.

Delete all the temporary directories.

Redo but write "FF"'s to the file..

Repeat this process seven times.

Doing this you've cleaned your hard drives of the remnants of deleted files to military standards.

It only takes an hour or so to do. The whole process can be automated and put on a boot disk.

I first picked a bone in this fight when the FTA detained a UN official for refusing to enter the password on his laptop at a border crossing.

I came up with a plan, and have several media contacts who would have been on site to discreetly monitor the situation. Since then several electronics laws that have passed have put me off my appetite for the form of protest I had planned. I'm glad that something is reaching the courts on this matter. I'm further delighted by the fact that the 9th circuit has ruled that even in this extreme case that the step of confiscation and forensic search was beyond the scope of jurisdiction.

Further note about storage: "Unallocated" space does NOT refer to space which as been deleted, but rather space which does not belong to a partition. If I delete a file, the partition is still aware of the space, and is capable of using it to write new files to, it is not capable of writing files to unallocated space.

This could be a seemingly crafty way of hiding evidence. Create a 20GB partition, let's call it Drive P (for porn). You go on vacation to a country with very lax sex and pornography rules. (I believe age 14 is allowable last I checked in Mexico, younger with parental consent and under the case of marriage) You fill up your drive, and then before you leave the country; (Knowing that a partition is easy to recover, and that on a large 1TB drive 20GB is easily ignored due to the GB vs GiB conversion.) you delete the partition with a quick-format. These deletes the partition table, making the space "unallocated" but leaving all the files intact for later recovery efforts. Seeing as the drive was not encrypted nothing should bar your recovery efforts, but it does make the data less likely to be discovered by cursory observation.

Of course if TrueCrypt had been used to encrypt the partition, then recovery would be more difficult, but the data could only be recovered with the appropriate knowledge. The easiest method being to note the byte-locations and using a program like DD to create an image that is true-crypt mountable out of the destroyed data.

Edit:

Additional information about drive/file recovery and deletion.

To securely delete a partition, the best method is to contact the manufacturer, they usually have a program that is optimized to your specific hard-drive architecture. It generally requires only two passes to significantly destroy data using the correct algorithm.

Barring access to such a program, it is possible to do multiple passes of writing zeroes or random junk data to the drive, but this is less efficient AND less predictable.

Remember Free-space and unallocated space are different things. CCleaner has an option to "wipe" free space. (Write zeroes to file locations that have been deleted but still contain file information.). This of course would not encroach on "unallocated space" however, as is true of most secure wipe programs, as such if you're concerned with the security, use a secure delete program, THEN remove the partition, then consider the use of a sector-by-sector/byte-by-byte drive wiping program, or use of the above mentioned manufacturer tools.

Just because the drive has been damaged in such a way that Windows won't properly read it, or mount it any longer, do not assume the data cannot be recovered. I have many times made a successful image from a failed/failing drive using a variety of tricks which I could then perform forensic sweeps and data recovery against. These methods further leave the original drive (aside from a few read/write cycles) unadulterated, and therefor forensically viable.

Being outside the US and preparing to re-enter this gives me pause. Will my external hard drives and laptop be subject to thorough examination with a fine toothed comb when I re-enter the country? I'm not a fugitive or a convict, but it seems to me that if you want to find something that someone has done wrong all you need to is look hard enough and you can build even the thinnest case against them. I don't really care for someone to be picking through my data, let alone picking through my data and looking for something that they don't like

If a child pornographer were to ask me how to protect himself, and if I were stupid enough to tell him here is what I would say. Write a program which creates a temporary directory on each separate partition of your hard drive. Fill each temporary directory with files composed soley of 0 of size 100Mb. When each partition is full repeat with files of size 10MB. Then 1Mb, then 10k. Then 1k.

Delete all the temporary directories.

Redo but write "FF"'s to the file..

Repeat this process seven times.

Doing this you've cleaned your hard drives of the remnants of deleted files to military standards.

It only takes an hour or so to do. The whole process can be automated and put on a boot disk.

Doesn't sound like it quite works actually for cleaning "Free space". At least from what I can tell in the notes on that link you listed? Or am I not reading this correctly?

sdelete makes it very hard to recover data from free space on the disk. What it won't do, however, is securely erase the slack space after the end of a file residing in a given cluster. It also won't touch any of the metadata the operating system collects during normal use (such as the files listed in an "open recent..." menu item). There could be a whole trove of partial files left over from when something was overwritten by a smaller file, and all but the most paranoid user trades security for convenience without even knowing they've done so.

Wiping the free space on your HDD is really easy and, frankly, the very least of your problems if you're trying to thwart law enforcement or other adversaries.